Re: Re[2]: [IMail Forum] IP Security

[Michael Keen]

Hello Sandy,

Thanks for the welcome.

> MK> Well, Steve Gibson may in fact be a tool, but his text on port 113
> MK> seems to make sense.
>
> Only  if  you  think  inside his box.

Actually, Mr. Gibson's position on port 113 is that it is best NOT to expose the port but that it might be necessary to communicate with certain servers.  I'm not sure how anyone can find much fault with that position.

> This is basic TCP/IP commonsense
> we're  talking  about here. The points are very clear: letting through
> 113 at any level is (1) unnecessary for mail delivery, and (2) creates
> an unnecessary management burden (anyone who inherits your firewall or
> server  is  going to say, "What the heck is this in here for?"). It is
> most  definitely not a best practice. I would suggest that you do some
> due diligence and reconsider your conclusion based on real experience,
> not Mr. Gibson's fantastical self-image.

So putting the subject of Mr. Gibson aside, I agree that real experience and due diligence are the best course of action.  As I stated in an earlier post, it was my own personal experience that an SMTP server I operated was unable to forward mail to a small number of recipients until I opened port 113 on my Netscreen 5 firewall (not a software firewall or a SOHO device).

Admittedly, this was a couple of years ago and things may have changed since then.  I will certainly be willing to close port 113 based on what I've read here and see what happens.  I have no objection to closing a port if it doesn't hurt to do so.

Sincerely,
Michael Keen
http://www.inksite.com